CVE-2019-12387

Published: 10 June 2019

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

Priority

Low

CVSS 3 base score: 6.1

Status

Package: twisted

Release                            Status
Upstream                           Needs triage
Ubuntu 18.04 LTS (Bionic Beaver)   Released (17.9.0-2ubuntu0.1)
Ubuntu 16.04 ESM (Xenial Xerus)    Released (16.0.0-1ubuntu0.4)
Ubuntu 14.04 ESM (Trusty Tahr)     Released (13.2.0-1ubuntu1.2+esm1)

Patches:
Upstream: https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2

Package: twisted-py3

Release                            Status
Upstream                           Needs triage
Ubuntu 18.04 LTS (Bionic Beaver)   Does not exist
Ubuntu 16.04 ESM (Xenial Xerus)    Does not exist
Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist